﻿<?php

// Abort unless the NV_ADMIN constant is defined, so this file cannot be run as a
// standalone script (presumably the admin entry point defines it — confirm).
if (!defined('NV_ADMIN')) {
    die ("Access Denied");
}

// Load the module's language constants for the active language.
// NOTE(review): $currentlang is concatenated into an include path; confirm it is
// restricted upstream to a fixed list of installed language codes.
include_once("language/raovat_".$currentlang.".php");

// Load the generated settings file when it exists. save_changes() writes a file
// of the same name under ../$datafold. The "@" hides any warning raised while
// the file is being loaded.
if (file_exists("".INCLUDE_PATH."".$datafold."/config_raovat.php")) {
	@require_once ("".INCLUDE_PATH."".$datafold."/config_raovat.php");
}

/**
 * Print the module heading, then the navigation menu inside a table frame.
 */
function linkList() {
	// Sections: 1. general management / 2. 'topic' management /
	// 3. 'content' management / 4. item moderation
	global $adminfile;

	$heading = '<center><b><font class="title"><b> ' . _ADMMANAGE . '</b></font><br></center>';
	echo $heading . '<br>';

	OpenTable();
	menu();
	CloseTable();
}

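/**
 * Render the "general options" form, pre-filled from the first row of ad_control.
 *
 * The form posts to op=rvsavechanges, which this file routes to save_changes().
 * Every database value is HTML-escaped before it is written into an attribute,
 * so a non-numeric value stored in ad_control is shown as text and cannot
 * break out of the markup.
 */
function general_option(){
	global $db, $adminfile;

	$data = $db->sql_query("SELECT * FROM ad_control");
	$row = $db->sql_fetchrow($data);
	if (!$row) {
		// No settings row (or the query failed): draw an empty form instead of
		// reading offsets of a non-array.
		$row = array();
	}

	// Yes/No settings: label, ad_control column, posted field name.
	$switches = array(
		array(_KIEMTRATRUOCKHIDANG, 'is_content_controled', 'xcontent'), // content control
		array(_CHOPHEPUSERXOABAI, 'is_allow_del', 'xdelad'),             // can a user delete his post?
		array(_HIENTHIRAOVATCU, 'is_disp_exp_ad', 'xexpad'),             // display expired ads?
		array(_DUOCUPLOADHAYKHONG, 'allow_upload', 'xupload'),           // allow upload
	);

	// Numeric settings: label, ad_control column, posted field name, unit/range hint.
	$numbers = array(
		array(_THOIHANTOIDA, 'expired_day_set', 'max_exp_day', _NGAY._T1D700),  // max days before expiry
		array(_SORAOVATTOIDA, 'max_ad_per_member', 'max_ad', _MAUTIN._T1D200),  // max ads per member
		array(_SOADMOTTRANG, 'ad_per_page', 'ad_per_page', _MAUTIN._T5D100),    // ads per page
		array(_XOARAOVATCU, 'month_del_exp', 'monthdel', _THANG._T1D12),        // remove expired ads after N months
	);

	echo "<center><br>";
	echo "<span style = \"font-size:12; font-weight:bold; color: white;\">"._TUYCHONCHUNG."</span><br><br>";
	echo "<form name=\"gen_opt\" action=\"".$adminfile.".php?op=rvsavechanges\" method=\"post\">";
	echo "<table border = \"2\" cellspacing = \"2\" cellpadding =\"4\">";

	foreach ($switches as $switch) {
		list($label, $column, $field) = $switch;
		$enabled = isset($row[$column]) && $row[$column] == 1;
		echo "<tr>";
		echo "<td align=left>".$label."</td>";
		echo "<td>";
		echo "<input type=\"radio\" name=\"".$field."\" value=\"1\"".($enabled ? " checked" : "").">"._CO." &nbsp;";
		echo "<input type=\"radio\" name=\"".$field."\" value=\"0\"".($enabled ? "" : " checked").">"._KHONG." &nbsp;";
		echo "</td>";
		echo "</tr>";
	}

	foreach ($numbers as $number) {
		list($label, $column, $field, $hint) = $number;
		$value = htmlspecialchars(isset($row[$column]) ? (string) $row[$column] : '', ENT_QUOTES);
		echo "<tr>";
		echo "<td align=left>".$label."</td>";
		echo "<td>";
		echo "<input type=text name=\"".$field."\" style=\"width:25px;\" value =\"".$value."\">";
		if ($field === 'max_ad') {
			// The id of the settings row travels with the form so save_changes()
			// knows which ad_control row to update.
			$rowId = htmlspecialchars(isset($row['control_id']) ? (string) $row['control_id'] : '', ENT_QUOTES);
			echo "<input type=hidden name=\"row_id\"  value =\"".$rowId."\">";
		}
		echo $hint;
		echo "</td>";
		echo "</tr>";
	}

	echo "</table>";
	echo "<br><br>";
	echo "<input type=submit name=submit value=\""._SAVECHANGES."\">";
	echo "</form>";
	echo "</center>";
}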

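/**
 * Print the module's navigation links.
 *
 * The links are built from the global $adminfile, as every other link in this
 * module is, so they keep working when the admin script is not named
 * admin.php. When $adminfile is empty the former hard-coded name is used.
 */
function menu() {
    global $adminfile;

    $script = !empty($adminfile) ? $adminfile : "admin";
    $base = $script.".php?op=";

    echo "<center><b>Trang quản lý rao vặt</b><br><br>\n"
     ."<a href=\"".$base."rvtrans\">Giao dịch</a> | \n"
     ."<a href=\"".$base."rvcate\">Lĩnh vực</a> | \n"
     ."<a href=\"".$base."rvarea\">Khu vực</a> | \n"
     ."<a href=\"".$base."rvcheck\">Kiểm soát nội dung</a><br>\n"
     ."<a href=\"".$base."rvgeneral\">Cấu hình</a></center>\n";
}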
    
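/**
 * Persist the general options posted by the form drawn by general_option().
 *
 * The settings are stored twice: in the ad_control row named by row_id, and in
 * ../$datafold/config_raovat.php as PHP variable assignments. Both targets
 * receive the values unquoted, so every posted value is forced to an integer
 * first; non-numeric text would otherwise become part of the SQL statement and
 * of the PHP source that is executed the next time the file is included.
 *
 * NOTE(review): no anti-CSRF token is checked in this file before the write —
 * confirm the admin framework enforces one for state-changing requests.
 */
function save_changes(){
	global $db, $datafold;

	// Nothing was submitted: only redraw the form. Continuing would send an
	// UPDATE built from undefined variables and write a settings file that
	// does not parse.
	if (!isset($_POST['xcontent'])) {
		general_option();
		return;
	}

	$in = array();
	foreach (array('row_id', 'xcontent', 'xdelad', 'xexpad', 'xupload', 'max_exp_day', 'max_ad', 'monthdel', 'ad_per_page') as $field) {
		$in[$field] = (isset($_POST[$field]) && is_scalar($_POST[$field])) ? intval($_POST[$field]) : 0;
	}

	$rowid = $in['row_id'];

	// Switches are normalised to exactly 0 or 1.
	$content_ctrl = ($in['xcontent'] === 1) ? 1 : 0;
	$is_allow_del = ($in['xdelad'] === 1) ? 1 : 0;
	$is_disp_exp_ad = ($in['xexpad'] === 1) ? 1 : 0;
	$xupload = ($in['xupload'] === 1) ? 1 : 0;

	// Numeric settings are clamped to the ranges the form advertises.
	$max_exp = min(700, max(1, $in['max_exp_day']));
	$max_ad = min(200, max(1, $in['max_ad']));
	$ad_per_page = min(100, max(5, $in['ad_per_page']));
	$month_del_exp = min(12, max(1, $in['monthdel']));

	// save once to setting table.
	$update_query = " UPDATE `ad_control` SET "
		." `is_content_controled` = $content_ctrl, "
		." `is_allow_del` = $is_allow_del, "
		." `is_disp_exp_ad` = $is_disp_exp_ad, "
		." `allow_upload` = $xupload, "
		." `expired_day_set` = $max_exp, "
		." `max_ad_per_member` = $max_ad, "
		." `ad_per_page` = $ad_per_page, "
		." `month_del_exp` = $month_del_exp "
		." WHERE `control_id` = $rowid";
	$db->sql_query($update_query);

	// save to file for user access.
	$fmtime = date("d-m-Y H:i:s");
	$tofile = "<?php\n\n";
	$tofile .= "// File: config_raovat.php.\n// Modified: $fmtime.\n// Do not change anything in this file!\n\n";
	$tofile .= "if ((!defined('NV_SYSTEM')) AND (!defined('NV_ADMIN'))) {\n";
	$tofile .= "die('Stop!!!');\n";
	$tofile .= "}\n";
	$tofile .= "\n";
	$tofile .= "\$content_ctrl = $content_ctrl;\n";
	$tofile .= "\$is_allow_del = $is_allow_del;\n";
	$tofile .= "\$is_disp_exp_ad = $is_disp_exp_ad;\n";
	$tofile .= "\$allow_upload = $xupload;\n";
	$tofile .= "\$max_exp = $max_exp;\n";
	$tofile .= "\$max_ad = $max_ad;\n";
	$tofile .= "\$ad_per_page = $ad_per_page;\n";
	$tofile .= "\$month_del_exp = $month_del_exp;\n";
	$tofile .= "\n";
	$tofile .= "?>";

	$path = "../$datafold/config_raovat.php";
	// Only the owner needs write access to rewrite the file. The file is no
	// longer opened up to mode 0777 first, which left executable PHP
	// world-writable while it was being replaced.
	if (file_exists($path)) {
		@chmod($path, 0604);
	}
	// Still best-effort, as before: a failed write is not reported to the admin.
	$file = @fopen($path, "w");
	if ($file !== false) {
		@fwrite($file, $tofile);
		@fclose($file);
		@chmod($path, 0604);
	}

	general_option();
}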

///////////////////////  functions for transaction name. /////////////////////////
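/**
 * List every transaction name in an editable table and print the "add" form.
 *
 * The table posts to op=rvupdtrans, each row links to op=rvdeltrans and the add
 * form posts to op=rvaddtrans. Stored names are HTML-escaped and ids are cast
 * to int before they are written into attributes and links, so a name that
 * contains quotes or markup is shown as text instead of being parsed as HTML.
 */
function trans_name_dis_edit(){
	global $db, $adminfile;

	// ENT_SUBSTITUTE exists from PHP 5.4; with it htmlspecialchars() replaces
	// invalid byte sequences instead of returning an empty string.
	// NOTE(review): 'UTF-8' assumes the admin pages and stored names are UTF-8 — confirm.
	$escFlags = defined('ENT_SUBSTITUTE') ? (ENT_QUOTES | ENT_SUBSTITUTE) : ENT_QUOTES;

	echo "<center>";
	echo "<span  style = \"font-size:12; font-weight:bold; color: white;\">"._TENGIAODICH."</span><br><br>";
	$all_trans_name = $db->sql_query("SELECT * FROM ad_name ORDER BY type_id ASC");
	$sequence = 1;
	if($db->sql_numrows($all_trans_name) > 0){
		echo "<form action=\"".$adminfile.".php?op=rvupdtrans\" method=\"post\">";
		echo "<table border = \"2\" cellspacing = \"2\" cellpadding =\"4\">";
		echo "<tr>";
		echo "<td><b>"."TT"."</b></td>";
		echo "<td><b>"._TENGIAODICH."</b></td>";
		echo "<td><b>"._THAOTAC."</b></td>";
		echo "</tr>";
		while ($row = $db->sql_fetchrow($all_trans_name)){
			$typeId = intval($row['type_id']);
			$typeName = htmlspecialchars((string) $row['type_name'], $escFlags, 'UTF-8');
			echo "<tr>";
			echo "<td>".$sequence."</td>";
			echo "<td>";
			echo "<input type=text name =\"namearray[]\" value =\"".$typeName."\">";
			echo "<input type=hidden name =\"idarray[]\" value =\"".$typeId."\">";
			echo "</td>";
			echo "<td>";
			echo "<a href = \"".$adminfile.".php?op=rvdeltrans&rowid=".$typeId."\">"._XOA."</a>";
			echo "</td>";
			echo "</tr>";
			$sequence++;
		}
		echo "</table>";
		echo "<br><input type = submit name =\"revisename\" value=\""._CAPNHAT."\">";
		echo "</form>";
	}
	// add one name
	echo "<br>";
	echo "<table border = \"0\" cellspacing = \"2\" cellpadding =\"4\">";
	echo "<tr>";
	echo "<form name = new_trans_name action=\"".$adminfile.".php?op=rvaddtrans\" method=\"post\">";
	echo "<td>"._THEM." ";
	echo "<input type =\"text\" name = \"newname\"/>";
	echo " <input type = submit name = anewname value = Submit /></td>";
	echo "</form>";
	echo "</tr>";
	echo "</table>";
	echo "</center>";
}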

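/**
 * Insert the transaction name posted by the "add" form, then redraw the list.
 *
 * The name is escaped with mysql_real_escape_string() before it is embedded in
 * the statement; the original placed the raw POST value between the quotes.
 * This file already calls ext/mysql directly (mysql_num_rows) on results of
 * the same connection. Blank names are ignored.
 *
 * NOTE(review): if the framework itself adds slashes to request data (not
 * visible in this file), strip them here as well to avoid double escaping.
 */
function trans_add(){
	global $db;
	if(isset($_POST['anewname']) && isset($_POST['newname']) && is_string($_POST['newname'])){
		$name = $_POST['newname'];
		// Undo magic_quotes_gpc where it is active so the value is escaped exactly once.
		if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
			$name = stripslashes($name);
		}
		if (trim($name) !== '') {
			$name = mysql_real_escape_string($name);
			$query = "INSERT INTO `ad_name` ( `type_name` ) "
			."VALUES ('$name')";
			$db->sql_query($query);
		}
	}
	trans_name_dis_edit();
}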

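/**
 * Delete a transaction name and every ad_item row that references it.
 *
 * Without ok=1 a confirmation prompt is shown; with ok=1 the rows are deleted
 * and the list is redrawn. Both parameters are cast to int, and the checks use
 * strict integer comparison: the original compared the int with "" which only
 * matched a missing "ok" because of loose comparison rules that PHP 8 changed.
 *
 * NOTE(review): the confirmed delete is a plain GET link and no anti-CSRF
 * token is checked in this file — confirm the framework protects it.
 */
function trans_del(){
	global $db, $adminfile;
	$ok = isset($_GET['ok']) ? intval($_GET['ok']) : 0;
	$info_set = isset($_GET['rowid']) ? intval($_GET['rowid']) : 0;
	if($ok === 0){
		CloseTable();
		echo "<br />";
		OpenTable();
		echo "<div align='center' style='padding: 5px'><b>"._DELSURE."</b><br><br>";
		echo "<a href='".$adminfile.".php?op=rvdeltrans&rowid=$info_set&ok=1'>[ "._CO." ]</a> | "._GOBACK."</div>\n";
	}elseif($ok === 1){
		$query = "DELETE FROM `ad_name` WHERE `type_id` = $info_set";
		$db->sql_query($query);
		// Items filed under the deleted name are removed with it.
		$query = "DELETE FROM `ad_item` WHERE `ad_name` = $info_set";
		$db->sql_query($query);
		trans_name_dis_edit();
	}
}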

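/**
 * Save the transaction names edited in the list form, then redraw the list.
 *
 * namearray[] and idarray[] are paired by position. Each id is cast to int and
 * each name is escaped with mysql_real_escape_string() before it is embedded
 * in the UPDATE; the original interpolated both raw POST values. Entries that
 * are not plain strings or have no matching id are skipped.
 *
 * NOTE(review): if the framework itself adds slashes to request data (not
 * visible in this file), strip them here as well to avoid double escaping.
 */
function trans_upd(){
	global $db;

	$namearray = (isset($_POST['namearray']) && is_array($_POST['namearray'])) ? $_POST['namearray'] : array();
	$idarray = (isset($_POST['idarray']) && is_array($_POST['idarray'])) ? $_POST['idarray'] : array();
	$stripSlashes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

	$i = 0;
	foreach ($namearray as $name)
	{
		if (is_string($name) && isset($idarray[$i]) && is_scalar($idarray[$i])) {
			$id = intval($idarray[$i]);
			if ($stripSlashes) {
				$name = stripslashes($name);
			}
			$name = mysql_real_escape_string($name);
			$sql = "UPDATE `ad_name` SET `type_name` = '$name' WHERE `type_id` = '$id'";
			$db->sql_query($sql);
		}
		$i++;
	}
	trans_name_dis_edit();
}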

///////////////////////  functions for category. /////////////////////////
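/**
 * List every category in an editable table and print the "add" form.
 *
 * The table posts to op=rvupdcat, each row links to op=rvdelcat and the add
 * form posts to op=rvaddcat. Stored names are HTML-escaped and ids are cast to
 * int before they are written into attributes and links, so a name that
 * contains quotes or markup is shown as text instead of being parsed as HTML.
 */
function cat_dis_edit(){
	global $db, $adminfile;

	// ENT_SUBSTITUTE exists from PHP 5.4; with it htmlspecialchars() replaces
	// invalid byte sequences instead of returning an empty string.
	// NOTE(review): 'UTF-8' assumes the admin pages and stored names are UTF-8 — confirm.
	$escFlags = defined('ENT_SUBSTITUTE') ? (ENT_QUOTES | ENT_SUBSTITUTE) : ENT_QUOTES;

	echo "<center>";
	echo "<span  style = \"font-size:12; font-weight:bold; color: white;\">"._LINHVUC."</span><br><br>";
	$all_cat = $db->sql_query("SELECT * FROM ad_cat ORDER BY cat_id ASC");
	$sequence = 1;
	if($db->sql_numrows($all_cat) > 0){
		echo "<form action=\"".$adminfile.".php?op=rvupdcat\" method=\"post\">";
		echo "<table border = \"2\" cellspacing = \"2\" cellpadding =\"4\">";
		echo "<tr>";
		echo "<td><b>"."TT"."</b></td>";
		echo "<td><b>"._LINHVUC."</b></td>";
		echo "<td><b>"._THAOTAC."</b></td>";
		echo "</tr>";
		while ($row = $db->sql_fetchrow($all_cat)){
			$catId = intval($row['cat_id']);
			$catName = htmlspecialchars((string) $row['cat_name'], $escFlags, 'UTF-8');
			echo "<tr>";
			echo "<td>".$sequence."</td>";
			echo "<td>";
			echo "<input type=text name =\"namearray[]\" value =\"".$catName."\">";
			echo "<input type=hidden name =\"idarray[]\" value =\"".$catId."\">";
			echo "</td>";
			echo "<td>";
			echo "<a href = \"".$adminfile.".php?op=rvdelcat&rowid=".$catId."\">"._XOA."</a>";
			echo "</td>";
			echo "</tr>";
			$sequence++;
		}
		echo "</table>";
		echo "<br><input type = submit name =\"revisecat\" value=\""._CAPNHAT."\">";
		echo "</form>";
	}
	// add one name
	echo "<br>";
	echo "<table border = \"0\" cellspacing = \"2\" cellpadding =\"4\">";
	echo "<tr>";
	echo "<form name = new_cat_name action=\"".$adminfile.".php?op=rvaddcat\" method=\"post\">";
	echo "<td>"._THEM." ";
	echo "<input type =\"text\" name = \"newcat\"/>";
	echo " <input type = submit name = anewcat value = Submit /></td>";
	echo "</form>";
	echo "</tr>";
	echo "</table>";
	echo "</center>";
}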

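/**
 * Insert the category name posted by the "add" form, then redraw the list.
 *
 * The name is escaped with mysql_real_escape_string() before it is embedded in
 * the statement; the original placed the raw POST value between the quotes.
 * This file already calls ext/mysql directly (mysql_num_rows) on results of
 * the same connection. Blank names are ignored.
 *
 * NOTE(review): if the framework itself adds slashes to request data (not
 * visible in this file), strip them here as well to avoid double escaping.
 */
function cat_add(){
	global $db;
	if(isset($_POST['anewcat']) && isset($_POST['newcat']) && is_string($_POST['newcat'])){
		$name = $_POST['newcat'];
		// Undo magic_quotes_gpc where it is active so the value is escaped exactly once.
		if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
			$name = stripslashes($name);
		}
		if (trim($name) !== '') {
			$name = mysql_real_escape_string($name);
			$query = "INSERT INTO `ad_cat` ( `cat_name` ) "
			."VALUES ('$name')";
			$db->sql_query($query);
		}
	}
	cat_dis_edit();
}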

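/**
 * Delete a category and every ad_item row that references it.
 *
 * Without ok=1 a confirmation prompt is shown; with ok=1 the rows are deleted
 * and the list is redrawn. Both parameters are cast to int, and the checks use
 * strict integer comparison: the original compared the int with "" which only
 * matched a missing "ok" because of loose comparison rules that PHP 8 changed.
 *
 * NOTE(review): the confirmed delete is a plain GET link and no anti-CSRF
 * token is checked in this file — confirm the framework protects it.
 */
function cat_del(){
	global $db, $adminfile;
	$ok = isset($_GET['ok']) ? intval($_GET['ok']) : 0;
	$info_set = isset($_GET['rowid']) ? intval($_GET['rowid']) : 0;
	if($ok === 0){
		CloseTable();
		echo "<br />";
		OpenTable();
		echo "<div align='center' style='padding: 5px'><b>"._DELSURE2."</b><br><br>";
		echo "<a href='".$adminfile.".php?op=rvdelcat&rowid=$info_set&ok=1'>[ "._CO." ]</a> | "._GOBACK."</div>\n";
	}elseif($ok === 1){
		$query = "DELETE FROM `ad_cat` WHERE `cat_id` = '$info_set'";
		$db->sql_query($query);
		// Items filed under the deleted category are removed with it.
		$query = "DELETE FROM `ad_item` WHERE `ad_cat` = '$info_set'";
		$db->sql_query($query);
		cat_dis_edit();
	}
}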

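/**
 * Save the category names edited in the list form, then redraw the list.
 *
 * namearray[] and idarray[] are paired by position. Each id is cast to int and
 * each name is escaped with mysql_real_escape_string() before it is embedded
 * in the UPDATE; the original interpolated both raw POST values. Entries that
 * are not plain strings or have no matching id are skipped.
 *
 * NOTE(review): if the framework itself adds slashes to request data (not
 * visible in this file), strip them here as well to avoid double escaping.
 */
function cat_upd(){
	global $db;

	$namearray = (isset($_POST['namearray']) && is_array($_POST['namearray'])) ? $_POST['namearray'] : array();
	$idarray = (isset($_POST['idarray']) && is_array($_POST['idarray'])) ? $_POST['idarray'] : array();
	$stripSlashes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

	$i = 0;
	foreach ($namearray as $name)
	{
		if (is_string($name) && isset($idarray[$i]) && is_scalar($idarray[$i])) {
			$id = intval($idarray[$i]);
			if ($stripSlashes) {
				$name = stripslashes($name);
			}
			$name = mysql_real_escape_string($name);
			$sql = "UPDATE `ad_cat` SET `cat_name` = '$name' WHERE `cat_id` = '$id'";
			$db->sql_query($sql);
		}
		$i++;
	}
	cat_dis_edit();
}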

///////////////////////  functions for area. /////////////////////////
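/**
 * List every area in an editable table and print the "add" form.
 *
 * The table posts to op=rvupdarea, each row links to op=rvdelarea and the add
 * form posts to op=rvaddarea. Stored names are HTML-escaped and ids are cast
 * to int before they are written into attributes and links, so a name that
 * contains quotes or markup is shown as text instead of being parsed as HTML.
 */
function area_dis_edit(){
	global $db, $adminfile;

	// ENT_SUBSTITUTE exists from PHP 5.4; with it htmlspecialchars() replaces
	// invalid byte sequences instead of returning an empty string.
	// NOTE(review): 'UTF-8' assumes the admin pages and stored names are UTF-8 — confirm.
	$escFlags = defined('ENT_SUBSTITUTE') ? (ENT_QUOTES | ENT_SUBSTITUTE) : ENT_QUOTES;

	echo "<center>";
	echo "<span  style = \"font-size:12; font-weight:bold; color: white;\">"._KHUVUC."</span><br><br>";
	$all_area = $db->sql_query("SELECT * FROM ad_area ORDER BY area_id ASC");
	$sequence = 1;
	if($db->sql_numrows($all_area) > 0){
		echo "<form action=\"".$adminfile.".php?op=rvupdarea\" method=\"post\">";
		echo "<table border = \"2\" cellspacing = \"2\" cellpadding =\"4\">";
		echo "<tr>";
		echo "<td><b>"."TT"."</b></td>";
		echo "<td><b>"._KHUVUC."</b></td>";
		echo "<td><b>"._THAOTAC."</b></td>";
		echo "</tr>";
		while ($row = $db->sql_fetchrow($all_area)){
			$areaId = intval($row['area_id']);
			$areaName = htmlspecialchars((string) $row['area_name'], $escFlags, 'UTF-8');
			echo "<tr>";
			echo "<td>".$sequence."</td>";
			echo "<td>";
			echo "<input type=text name =\"namearray[]\" value =\"".$areaName."\">";
			echo "<input type=hidden name =\"idarray[]\" value =\"".$areaId."\">";
			echo "</td>";
			echo "<td>";
			echo "<a href = \"".$adminfile.".php?op=rvdelarea&rowid=".$areaId."\">"._XOA."</a>";
			echo "</td>";
			echo "</tr>";
			$sequence++;
		}
		echo "</table>";
		echo "<br><input type = submit name =\"revisearea\" value=\""._CAPNHAT."\">";
		echo "</form>";
	}
	// add one name
	echo "<br>";
	echo "<table border = \"0\" cellspacing = \"2\" cellpadding =\"4\">";
	echo "<tr>";
	echo "<form name = new_area_name action=\"".$adminfile.".php?op=rvaddarea\" method=\"post\">";
	echo "<td>"._THEM." ";
	echo "<input type =\"text\" name = \"newarea\"/>";
	echo " <input type = submit name = anewarea value = Submit /></td>";
	echo "</form>";
	echo "</tr>";
	echo "</table>";
	echo "</center>";
}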

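/**
 * Insert the area name posted by the "add" form, then redraw the list.
 *
 * The name is escaped with mysql_real_escape_string() before it is embedded in
 * the statement; the original placed the raw POST value between the quotes.
 * This file already calls ext/mysql directly (mysql_num_rows) on results of
 * the same connection. Blank names are ignored.
 *
 * NOTE(review): if the framework itself adds slashes to request data (not
 * visible in this file), strip them here as well to avoid double escaping.
 */
function area_add(){
	global $db;
	if(isset($_POST['anewarea']) && isset($_POST['newarea']) && is_string($_POST['newarea'])){
		$name = $_POST['newarea'];
		// Undo magic_quotes_gpc where it is active so the value is escaped exactly once.
		if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
			$name = stripslashes($name);
		}
		if (trim($name) !== '') {
			$name = mysql_real_escape_string($name);
			$query = "INSERT INTO `ad_area` ( `area_name` ) "
			."VALUES ('$name')";
			$db->sql_query($query);
		}
	}
	area_dis_edit();
}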

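/**
 * Delete an area and every ad_item row that references it.
 *
 * Without ok=1 a confirmation prompt is shown; with ok=1 the rows are deleted
 * and the list is redrawn. Both parameters are cast to int, and the checks use
 * strict integer comparison: the original compared the int with "" which only
 * matched a missing "ok" because of loose comparison rules that PHP 8 changed.
 *
 * NOTE(review): the confirmed delete is a plain GET link and no anti-CSRF
 * token is checked in this file — confirm the framework protects it.
 */
function area_del(){
	global $db, $adminfile;
	$ok = isset($_GET['ok']) ? intval($_GET['ok']) : 0;
	$info_set = isset($_GET['rowid']) ? intval($_GET['rowid']) : 0;
	if($ok === 0){
		CloseTable();
		echo "<br />";
		OpenTable();
		echo "<div align='center' style='padding: 5px'><b>"._DELSURE3."</b><br><br>";
		echo "<a href='".$adminfile.".php?op=rvdelarea&rowid=$info_set&ok=1'>[ "._CO." ]</a> | "._GOBACK."</div>\n";
	}elseif($ok === 1){
		$query = "DELETE FROM `ad_area` WHERE `area_id` = $info_set";
		$db->sql_query($query);
		// Items filed under the deleted area are removed with it.
		$query = "DELETE FROM `ad_item` WHERE `ad_area` = $info_set";
		$db->sql_query($query);
		area_dis_edit();
	}
}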

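/**
 * Save the area names edited in the list form, then redraw the list.
 *
 * namearray[] and idarray[] are paired by position. Each id is cast to int and
 * each name is escaped with mysql_real_escape_string() before it is embedded
 * in the UPDATE; the original interpolated both raw POST values. Entries that
 * are not plain strings or have no matching id are skipped.
 *
 * NOTE(review): if the framework itself adds slashes to request data (not
 * visible in this file), strip them here as well to avoid double escaping.
 */
function area_upd(){
	global $db;

	$namearray = (isset($_POST['namearray']) && is_array($_POST['namearray'])) ? $_POST['namearray'] : array();
	$idarray = (isset($_POST['idarray']) && is_array($_POST['idarray'])) ? $_POST['idarray'] : array();
	$stripSlashes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

	$i = 0;
	foreach ($namearray as $name)
	{
		if (is_string($name) && isset($idarray[$i]) && is_scalar($idarray[$i])) {
			$id = intval($idarray[$i]);
			if ($stripSlashes) {
				$name = stripslashes($name);
			}
			$name = mysql_real_escape_string($name);
			$sql = "UPDATE `ad_area` SET `area_name` = '$name' WHERE `area_id` = '$id'";
			$db->sql_query($sql);
		}
		$i++;
	}
	area_dis_edit();
}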

/**
 * Print the drop-down that selects which ads to list (all, flagged as bad,
 * or not yet checked). The form posts to op=rvprepare_query.
 *
 * @param mixed $type Value of the option to pre-select (compared loosely with 1, 2 and 3).
 */
function display_list($type){
	global $adminfile;

	// option value => label constant
	$choices = array(
		1 => _TATCARAOVAT,
		2 => _RAOVATXAU,
		3 => _RAOVATCHUAKIEMTRA,
	);

	$html = "<center>"
		."<form name=\"listData\" action=\"".$adminfile.".php?op=rvprepare_query\" method=\"post\">"
		._CHONDULIEU
		."<select name=\"selectData\">";

	foreach ($choices as $value => $label) {
		$html .= "<option value =\"".$value."\" name=\"selectData\"";
		if ($type == $value) {
			$html .= " selected ";
		}
		$html .= ">".$label."</option>";
	}

	$html .= "</select>"
		." <input type = submit name=submit value = \"Go\">"
		."</form>"
		."</center><br>";

	echo $html;
}

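/**
 * Print the page navigation for a listing and report whether it has any rows.
 *
 * $type and $page originate from request parameters (see the rvprepare_query
 * route) and are written into link URLs, so both are cast to int first; the
 * original echoed them unmodified into the href attributes.
 *
 * NOTE(review): the page size is fixed at 5 here and in prepare_query(); the
 * configurable ad_per_page setting is not used.
 *
 * @param string $aquery Query whose row count is the total number of records.
 * @param mixed  $type   Listing filter, carried in the links.
 * @param mixed  $page   Current page number.
 * @return int 1 when there is at least one record, 0 when the listing is empty.
 */
function displayNav($aquery, $type, $page){
	global $db, $adminfile;

	$type = intval($type);
	$page = intval($page);
	$ad_per_page = 5;

	$some_ad = $db->sql_query($aquery);
	// Counted through the db wrapper, as the *_dis_edit() functions do, rather
	// than by calling ext/mysql directly.
	$total_record = intval($db->sql_numrows($some_ad));
	if($total_record <= 0){
		echo "<center><b>";
		echo (_EMPTYDATA."<br>");
		echo "</b></center>";
		return 0;
	}

	$num_page = intval(ceil($total_record / $ad_per_page));
	$link = $adminfile.".php?op=rvprepare_query&type=$type&page=";

	echo "<div style=\"text-align:right;\">";
	echo "<b>"._TRANG." : </b>";
	// first page
	if($page != 1 && $num_page != 1){
		echo "<a href=\"".$link."1\">";
		echo "["._DAU."]";
		echo "</a>";
	}
	// one link per page, the current one in bold
	for($ind = 1; $ind <= $num_page; $ind++){
		echo "<a href=\"".$link.$ind."\">";
		if($ind == $page){ echo "<b>";}
		echo " [".$ind."] ";
		if($ind == $page){ echo "</b>";}
		echo "</a>";
	}
	// last page
	if($num_page != $page && $num_page != 1){
		echo "<a href=\"".$link.$num_page."\">";
		echo "["._CUOI."]";
		echo "</a>";
	}
	echo "</div><br>";

	return 1;
}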

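/**
 * Build the listing query for one page of ads and render the selector, the
 * page navigation and (when there are rows) the editable list.
 *
 * $type and $page come from request parameters, so both are cast to int and
 * the page is forced to at least 1 before they reach the SQL text or the
 * functions that echo them. The LIMIT clause now passes the page size as the
 * row count: the original passed "offset + page size", which made every page
 * after the first return more than one page of rows.
 *
 * @param mixed $type 2 = ads flagged as bad, 3 = unchecked ads, anything else = all ads.
 * @param mixed $page 1-based page number.
 */
function prepare_query($type, $page){
	global $user_prefix;

	$type = intval($type);
	$page = max(1, intval($page));

	$ad_per_page = 5;
	$start = ($page - 1) * $ad_per_page;
	// MySQL syntax is LIMIT offset, row_count.
	$limit = " LIMIT $start,$ad_per_page";

	$sql_sel = "SELECT ad_item.item_id, "
					." ad_item.user_id, "
					." ad_item.title, "
					." ad_item.content, "
					." ad_item.expired_day, "
					." ".$user_prefix."_users.username, "
					." ad_item.add_time, "
					." ad_item.is_bad, "
					." ad_item.is_checked "
					." FROM ad_item, ".$user_prefix."_users "
					." WHERE ad_item.user_id = ".$user_prefix."_users.user_id ";

	switch($type){
		case 2:
			$query = $sql_sel."AND ad_item.is_bad = '1' ORDER BY ad_item.item_id DESC".$limit;
			$nav_query = "SELECT item_id FROM ad_item WHERE is_bad = '1' ORDER BY item_id DESC";
		break;
		case 3:
			$query = $sql_sel."AND ad_item.is_checked = '0' ORDER BY ad_item.item_id DESC".$limit;
			$nav_query = "SELECT item_id FROM ad_item WHERE is_checked = '0' ORDER BY item_id DESC";
		break;
		default:
			$query = $sql_sel." ORDER BY ad_item.item_id DESC".$limit;
			$nav_query = "SELECT item_id FROM ad_item ORDER BY item_id DESC";
		break;
	}

	display_list($type);
	// displayNav() returns 0 when the listing is empty; the item table is skipped then.
	if(displayNav($nav_query, $type, $page))
		item_dis_edit($query, $type, $page);
}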

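/**
 * Render the rows returned by $sql as an editable moderation table.
 *
 * Titles, contents and user names are member-supplied text shown inside the
 * admin panel, so they are HTML-escaped before being written into the page
 * (the original echoed them raw, letting stored markup close the textarea and
 * run in the administrator's session). Ids, timestamps, $type and $page are
 * cast to int. The form posts to op=rvsaveall.
 *
 * Also fixed: the stray extra quote in every option tag, the unquoted value
 * of the submit button, and the direct mysql_num_rows() call (the db wrapper
 * is used instead, as in the *_dis_edit() functions).
 *
 * @param string $sql  Listing query built by prepare_query().
 * @param mixed  $type Listing filter, carried in hidden fields and delete links.
 * @param mixed  $page Current page number.
 */
function item_dis_edit($sql, $type, $page){
	global $db, $user_prefix, $max_exp, $adminfile;

	$type = intval($type);
	$page = intval($page);

	// ENT_SUBSTITUTE exists from PHP 5.4; with it htmlspecialchars() replaces
	// invalid byte sequences instead of returning an empty string, which would
	// blank the field and then be saved back as empty.
	// NOTE(review): 'UTF-8' assumes the admin pages and stored text are UTF-8 — confirm.
	$escFlags = defined('ENT_SUBSTITUTE') ? (ENT_QUOTES | ENT_SUBSTITUTE) : ENT_QUOTES;

	$result = $db->sql_query($sql);
	$num_ad = $db->sql_numrows($result);
	if($num_ad <= 0){
		echo(_EMPTYDATA);
		return;
	}

	// When this page holds a single record, links and the hidden field point at
	// the previous page, so the admin is not returned to a page that is empty
	// once that record has been removed.
	if($num_ad == 1 && $page > 1){
		$page--;
	}

	echo "<center>";
	echo "<form name=\"saveall\" action=\"".$adminfile.".php?op=rvsaveall\" method=\"post\">";
	echo "<input type = hidden name =\"type\" value =\"".$type."\">";
	echo "<input type = hidden name =\"page\" value =\"".$page."\">";
	echo "<table border=\"2\" cellspacing = \"2\" cellpadding =\"2\">";

	// table title
	echo "<tr>";
	foreach (array(_TIEUDE, _NOIDUNG, _NGUOIDANG, _NGAYDANG, _XAU, _KIEMTRA, _THAOTAC) as $heading) {
		echo "<td>".$heading."</td>";
	}
	echo "</tr>";

	// data
	while($row = $db->sql_fetchrow($result)){
		$itemId = intval($row['item_id']);
		$userId = intval($row['user_id']);
		$addTime = intval($row['add_time']);
		$expiresAfter = intval($row['expired_day']);
		$title = htmlspecialchars((string) $row['title'], $escFlags, 'UTF-8');
		$content = htmlspecialchars((string) $row['content'], $escFlags, 'UTF-8');
		$username = htmlspecialchars((string) $row['username'], $escFlags, 'UTF-8');

		// An ad is expired once it is older than the global limit or its own limit.
		$days_passed = intval((time() - $addTime) / 86400);
		if($days_passed > $max_exp || $days_passed > $expiresAfter){
			$validity = "("._HETHIEULUC.")";
		}else{
			$validity = "("._CON."<br>".($expiresAfter - $days_passed)._NGAY.")";
		}

		// Yes/No drop-downs for the two moderation flags.
		$selects = array();
		foreach (array('is_badarray' => 'is_bad', 'is_checkedarray' => 'is_checked') as $field => $column) {
			$on = ($row[$column] == 1);
			$selects[$field] = "<select name=\"".$field."[]\">"
				."<option value=\"1\"".($on ? " selected" : "").">Yes</option>"
				."<option value=\"0\"".($on ? "" : " selected").">No</option>"
				."</select>";
		}

		echo "<tr>"
			."<td>"
			."<input type = hidden name = \"idarray[]\" value = \"".$itemId."\">"
			."<textarea name=\"titlearray[]\" rows=\"8\" cols=\"4\" style=\"width:150px;\">".$title."</textarea>"
			."</td>"
			."<td>"
			."<textarea name=\"contentarray[]\" rows=\"8\" cols=\"4\" style=\"width:300px;\">".$content."</textarea>"
			."</td>"
			."<td>"
			."<a href=\"?op=modifyUser&chng_uid=".$userId."\">".$username."</a>"
			."</td>"
			."<td>"
			.date("d.m.y", $addTime)."<br>".$validity
			."</td>"
			."<td>".$selects['is_badarray']."</td>"
			."<td>".$selects['is_checkedarray']."</td>"
			."<td>"
			."<a href = \"".$adminfile.".php?op=rvdelitem&type=$type&page=$page&rowid=".$itemId."\">"._XOA."</a>"
			."</td>"
			."</tr>";
	}

	echo "</table><br>";
	echo "<input type=submit name=submit value =\""._SAVECHANGES."\">";
	echo "</form>";
	echo "</center>";
}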

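/**
 * Save the titles, contents and moderation flags edited in the item table,
 * then redraw the same listing page.
 *
 * The five posted arrays are paired by position. Ids are cast to int, the
 * flags are reduced to 0 or 1, and title/content are escaped with
 * mysql_real_escape_string() before they are embedded in the UPDATE; the
 * original interpolated every raw POST value. Rows whose title or content is
 * missing or not a plain string are skipped.
 *
 * NOTE(review): if the framework itself adds slashes to request data (not
 * visible in this file), strip them here as well to avoid double escaping.
 * NOTE(review): no anti-CSRF token is checked in this file — confirm the
 * framework enforces one for this POST.
 */
function rv_save(){
	global $db;

	$posted = array();
	foreach (array('idarray', 'titlearray', 'contentarray', 'is_badarray', 'is_checkedarray') as $key) {
		$posted[$key] = (isset($_POST[$key]) && is_array($_POST[$key])) ? $_POST[$key] : array();
	}
	$type = isset($_POST['type']) ? intval($_POST['type']) : 1;
	$page = isset($_POST['page']) ? intval($_POST['page']) : 1;
	$stripSlashes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

	$i = 0;
	foreach ($posted['idarray'] as $id){
		$hasText = isset($posted['titlearray'][$i], $posted['contentarray'][$i])
			&& is_string($posted['titlearray'][$i])
			&& is_string($posted['contentarray'][$i]);
		if ($hasText && is_scalar($id)) {
			$ntitle = $posted['titlearray'][$i];
			$ncontent = $posted['contentarray'][$i];
			if ($stripSlashes) {
				$ntitle = stripslashes($ntitle);
				$ncontent = stripslashes($ncontent);
			}
			$ntitle = mysql_real_escape_string($ntitle);
			$ncontent = mysql_real_escape_string($ncontent);
			$nis_bad = (isset($posted['is_badarray'][$i]) && $posted['is_badarray'][$i] == 1) ? 1 : 0;
			$nis_checked = (isset($posted['is_checkedarray'][$i]) && $posted['is_checkedarray'][$i] == 1) ? 1 : 0;
			$id = intval($id);

			$sql = "UPDATE `ad_item` SET `title`='$ntitle', `content`='$ncontent', `is_bad`='$nis_bad', `is_checked`='$nis_checked' WHERE `item_id` = '$id'";
			$db->sql_query($sql);
		}
		$i++;
	}
	prepare_query($type, $page);
}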

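/**
 * Delete one ad item, then redraw the listing page it was deleted from.
 *
 * rowid is placed unquoted in the DELETE statement, so it is cast to int
 * first (the original used the raw GET value); a missing or non-positive id
 * deletes nothing. type and page are cast to int before being passed on.
 *
 * NOTE(review): unlike trans_del(), cat_del() and area_del(), this handler
 * deletes on the first GET request without a confirmation step, and no
 * anti-CSRF token is checked in this file — confirm that is intended.
 */
function rv_del_item(){
	global $db;

	$info_set = (isset($_GET['rowid']) && is_scalar($_GET['rowid'])) ? intval($_GET['rowid']) : 0;
	if ($info_set > 0) {
		$query = "DELETE FROM `ad_item` WHERE `item_id` = $info_set";
		$db->sql_query($query);
	}

	$type = isset($_GET['type']) ? intval($_GET['type']) : 1;
	$page = isset($_GET['page']) ? intval($_GET['page']) : 1;
	prepare_query($type, $page);
}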

/**
 * Print the reminder shown above the content-control screen when the
 * $content_ctrl setting equals 1; otherwise print only the empty wrapper.
 */
function list_content_command(){
	global $content_ctrl;

	$notice = '';
	if ($content_ctrl == 1) {
		$notice = "<br><br>( "._CHUYKIEMSOATNOIDUNG." )";
	}

	echo "<center>".$notice."</center><br>";
}
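// main program ///////////////////////////////
// Draws the admin header and the module menu, dispatches on $op, then draws
// the footer. $op is not assigned in this file.
// NOTE(review): every route below changes or exposes data on behalf of an
// administrator; the only gate visible here is the NV_ADMIN check at the top
// of the file — confirm the framework also verifies the session and an
// anti-CSRF token before this script is reached.

	include("../header.php");
	OpenTable();
	linkList(); // list option for admin management.

	switch($op) {
		case "rvgeneral":
			general_option();
		break;
		case "rvsavechanges":
			save_changes();
		break;

		// transaction name
		case "rvtrans":
			trans_name_dis_edit();
		break;
		case "rvaddtrans":
			trans_add();
		break;
		case "rvdeltrans":
			trans_del();
		break;
		case "rvupdtrans":
			trans_upd();
		break;

		// categories
		case "rvcate":
			cat_dis_edit();
		break;
		case "rvaddcat":
			cat_add();
		break;
		case "rvdelcat":
			cat_del();
		break;
		case "rvupdcat":
			cat_upd();
		break;

		// area
		case "rvarea":
			area_dis_edit();
		break;
		case "rvaddarea":
			area_add();
		break;
		case "rvdelarea":
			area_del();
		break;
		case "rvupdarea":
			area_upd();
		break;

		// contents control
		case "rvcheck":
			list_content_command();
			display_list(1);
		break;
		case "rvprepare_query":
			if(isset($_POST['selectData'])){
				prepare_query($_POST['selectData'],1);
			}else{
				// Fall back to the first page of the full listing when the
				// link parameters are missing.
				prepare_query(
					isset($_GET['type']) ? $_GET['type'] : 1,
					isset($_GET['page']) ? $_GET['page'] : 1
				);
			}
		break;
		case "rvsaveall":
			rv_save();
		break;
		case "rvdelitem":
			rv_del_item();
		// The original had no break here, so the general options form was also
		// rendered below the listing after every item deletion.
		break;
		default:
			general_option();
		break;
	}

	// footer
	CloseTable();
	include("../footer.php");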
	
?>
